Archives are files and data structures that are stored in persistent storage systems. Persistent storage systems include fixed magnetic drives, flash memory devices, removable storage devices such as read-write compact discs (RW-CDs) drives and tape drives or similar storage devices. Archives are enciphered to secure the contents of the archive. An archive management program processes requests to access each archive by requesting a password from a user. The password is then input into a hashing algorithm to produce an archive key. The archive key is utilized to encipher the entire archive using a block cipher algorithm. However, the archive system presents several security and logistical problems. If the same password is used for multiple archives, then the same key is generated for each archive. Unauthorized decryption of an archive key that is utilized to encipher data is made easier the larger the set of enciphered data that is available. Thus, using the same archive key for multiple archives or each portion of a large archive is not desirable, because it creates a large data set that is more vulnerable to unauthorized access.
Another problem with the use of this method and system is that the change of a password requires that the entire archive be re-enciphered using a new archive key generated from the new password. Archives can be large and re-enciphering these archives can be time consuming and inconvenient. All archives enciphered with a changed archive key must be deciphered and then enciphered with a new key. Also, archives can be distributed over multiple volumes, which can be on separate devices or discs. As a result, the changing of the password can be very time consuming especially for large archives or archives with multiple volumes.
Creating multiple archive keys for different archives or sections of an archive can be accomplished by providing separate passwords to create each archive key or using a master key based on the password to generate additional keys. Generating additional keys based on a master key in this manner makes it difficult to change the password, as generated keys would need to be recalculated and each enciphered archive or portion of an archive would need to be re-enciphered. Also, controlling the characteristics of the additional keys is difficult.